Guide to writing secure setuid programs?

Rob McMahon cudcv at daisy.warwick.ac.uk
Sun Mar 27 05:01:42 AEST 1988


In article <8468 at eddie.MIT.EDU> jbs at eddie.MIT.EDU (Jeff Siegal) writes:
|In article <7616 at oberon.USC.EDU> blarson at skat.usc.edu (Bob Larson) writes:
|>about setuid lp programs.
|Setting the directory mode to 777 by itself doesn't let anyone modify
|or read anything.  All it allows people to do is:
|
|	1. List the file names in the directory
|	2. Access files in the directory _according_to_their_modes.
|	3. Remove files from the directory.

	4. Add files (or links) to the directory.

If you're not careful Joe User can get files printed out which he has no
read permission to by making links, symbolic links, into this directory.

Rob
-- 
UUCP:   ...!mcvax!ukc!warwick!cudcv	PHONE:  +44 203 523037
JANET:  cudcv at uk.ac.warwick.cu          ARPA:   cudcv at cu.warwick.ac.uk
Rob McMahon, Computing Services, Warwick University, Coventry CV4 7AL, England
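
The link problem described in the post above can be checked for on the spooler side. This is an added example, not part of the original post: a sketch of how a setuid spooler could refuse links planted in a world-writable spool directory, using modern POSIX calls. The names open_spool_file and demo, and the scratch directory layout, are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper for a setuid spooler: return a read-only fd for a job
 * file in a world-writable spool directory, or -1 unless it is a plain,
 * singly-linked file owned by the submitting user. */
int open_spool_file(const char *path, uid_t submitter)
{
    struct stat st;
    /* O_NOFOLLOW rejects a symlink as the final component; O_NONBLOCK
     * keeps a planted FIFO from hanging the daemon. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat the fd, not the name: check the object actually opened. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != submitter) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed sample: a scratch directory holding a plain job file, a
 * symlink and a hard link to a second file. Returns a bitmask of the
 * entries accepted (bit 0 job, bit 1 symlink, bit 2 hard link). */
int demo(void)
{
    char dir[] = "/tmp/spool.XXXXXX";
    const char *names[] = { "job", "symlink", "hardlink" };
    int mask = 0;
    if (!mkdtemp(dir) || chdir(dir) != 0)
        return -1;
    close(open("job", O_WRONLY | O_CREAT, 0600));
    close(open("target", O_WRONLY | O_CREAT, 0600));
    if (symlink("target", "symlink") != 0 || link("target", "hardlink") != 0)
        return -1;
    for (int i = 0; i < 3; i++) {
        int fd = open_spool_file(names[i], getuid());
        if (fd >= 0) { mask |= 1 << i; close(fd); }
        unlink(names[i]);               /* clean up as we go */
    }
    unlink("target");
    rmdir(dir);
    return mask;
}
```

Only the plain job file is accepted; the symlink fails at open() and the hard link fails the link-count check.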



More information about the Comp.bugs.sys5 mailing list